'\" t
.\"     Title: dblink_connect_u
.\"    Author: The PostgreSQL Global Development Group
.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
.\"      Date: 2011-12-01
.\"    Manual: PostgreSQL 9.1.2 Documentation
.\"    Source: PostgreSQL 9.1.2
.\"  Language: English
.\"
.TH "DBLINK_CONNECT_U" "3" "2011-12-01" "PostgreSQL 9.1.2" "PostgreSQL 9.1.2 Documentation"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
dblink_connect_u \- opens a persistent connection to a remote database, insecurely
.SH "SYNOPSIS"
.sp
.nf
dblink_connect_u(text connstr) returns text
dblink_connect_u(text connname, text connstr) returns text
.fi
.SH "DESCRIPTION"
.PP

\fBdblink_connect_u()\fR
is identical to
\fBdblink_connect()\fR, except that it will allow non\-superusers to connect using any authentication method\&.
.PP
If the remote server selects an authentication method that does not involve a password, then impersonation and subsequent escalation of privileges can occur, because the session will appear to have originated from the user as which the local
PostgreSQL
server runs\&. Also, even if the remote server does demand a password, it is possible for the password to be supplied from the server environment, such as a
~/\&.pgpass
file belonging to the server\*(Aqs user\&. This opens not only a risk of impersonation, but the possibility of exposing a password to an untrustworthy remote server\&. Therefore,
\fBdblink_connect_u()\fR
is initially installed with all privileges revoked from
PUBLIC, making it un\-callable except by superusers\&. In some situations it may be appropriate to grant
EXECUTE
permission for
\fBdblink_connect_u()\fR
to specific users who are considered trustworthy, but this should be done with care\&. It is also recommended that any
~/\&.pgpass
file belonging to the server\*(Aqs user
\fInot\fR
contain any records specifying a wildcard host name\&.
.PP
For further details see
\fBdblink_connect()\fR\&.
